Word to the wise—watch your email inbox with a critical eye, as email scams are on the rise. According to the FBI’s Internet Crime Complaint Center, they have identified a 270% increase in business email fraud since the beginning of 2015. Even smart and technologically savvy people can become email scam victims, so don’t let it happen to you!
“BEC (business email fraud) is a serious threat on a global scale. It’s a prime example of organized crime groups engaging in large-scale, computer-enabled fraud, and the losses are staggering,” said FBI Special Agent Maxwell Marker.
Who are they targeting?
Email scams often target specific markets such as the entertainment industry. According to IQ media, “The UK’s Entertainment Agents’ Association has issued a checklist for promoters following a sharp increase in the number of bogus emails purporting to come from leading booking agents.” Recent scams have seen fraudsters posing as the representatives of major artists, including Adele, Justin Timberlake, Beyoncé, and Eminem, all reported by big-name talent agencies like ITB, Live Nation, and Sensible Events. These phoney emails have targeted concert promoters and asked for deposits in exchange for (often non-existent) live dates.
“We’re seeing a worrying increase in this style of email scam,” says Neil Tomlinson, who joined the association (formerly the Agents’ Association) as president last April. “Before agreeing to any show or sending any deposits, promoters must be 100% sure that they are dealing with the real booking agent for that artist.’”
There may be a public perception that email scam campaigns are general in nature, much like the now-infamous Nigerian Prince scams. But cyber attackers can and will target specific and wide-ranging industries, from concert promoting to shower curtain manufacturing to propane dealers—anyone who has email and makes a profit. Many cyber attackers understand the mere appearance of expertise in their target market is often enough to garner trust and minimize suspicion, making the victims a lot less likely to recognize the danger.
The truth is, way too many people have been the one millionth visitor of a website running a content and consequently won a free iPhone. The more clever email con artists know that, so they will tailor their approaches to narrow ranges of targets. Email scams are often caught by spam filters, but some will slip past these protective measures and move straight to your inbox.
What are some indications of an email scam?
*Someone you have no prior communications with, reaching out with an entirely new email address, wants you to open an attachment or click on a link in the body of the email. The attachments are often malware, and the links often are to phishing websites which could also contain malicious software. Never open attachments or click on links from unfamiliar senders, no matter what.
*An email comes from a familiar email address and sender, but you know how this individuals typically communicates via email. If the content of the email seems out-of-character for this person or unusually full of grammatical and spelling errors, it may be that their email address has been spoofed or their email account hijacked by a cyber attacker. If there’s any doubt, compare the new email with other, older ones you’ve received from that person and analyze what you find. Differences in tone, syntax, and general voice can be a indicator. If your gut says the message is fake, err on the side of caution and assume it is a hacker. Don’t click any provided links, don’t open any attachments, and don’t reply. Just delete. And when you next see that person or speak with them, let them know their email has been compromised. If you really like them, you can even pick up the phone or send a message through social media.
*Financial institutions, utility providers, people higher up in your company or in tech support, and online services like Amazon and Netflix will never email you with a link to change details on your account, especially not your password. Phishing cyber attackers are excellent at spoofing the images embedded in HTML emails and even at spoofing actual email addresses and website URLs. Seeing “firstname.lastname@example.org” is no guarantee that the email is really from Amazon. If you’re subject to a data breach, a legitimate company may email you a warning about the breach, and they may ask you to change your password. But they absolutely won’t hyperlink you to a webpage to change your password. Visit their website directly without going through the email they sent you. Don’t even use a URL that may be mentioned in such an email. That way you can be sure that you’re entering a password into their real website and not a phishing website that’s designed to steal your password. Make sure that the website is HTTPS, too!
If someone in your company or a client of your company asks you to transfer funds to them, ask them in person or over the phone about it before you do anything. It’s common for scammers to pretend to be someone that you many normally send money to within your business. Email scams are a huge problem, so always remember to err on the side of caution and treat your digital communications like any other online asset.